Opened 10 months ago

Closed 2 months ago

Last modified 2 months ago

#25090 closed defect (worksforme)

Make sure IPFS & co in addons are shoved up through Tor and don't leak in ESR60

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr, tbb-proxy-bypass
Cc: arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Starting from FF59,

https://blog.mozilla.org/addons/2018/01/26/extensions-firefox-59/

Support for Decentralization Protocols

Mozilla has always been a proponent of decentralization, recognizing that it is a key ingredient of a healthy Internet. Starting with Firefox 59, several protocols that support decentralized architectures are approved for use by extensions. The newly approved protocols are:

  • Dat Project (dat://)
  • IPFS (dweb:// ipfs:// ipns://)
  • Secure Scuttlebutt (ssb://)

Firefox itself does not implement these protocols, but having them on the approved list means the browser recognizes them as valid protocols and extensions are free to provide implementations.

Firefox will allow addons to support IPFS, ..etc. There's a need to be sure that all those things when implemented in addons are shoved up through Tor and don't leak.

Child Tickets

Change History (5)

comment:1 Changed 10 months ago by cypherpunks

Not OP.
I think these protocols would just increase the surface of attack. We can't trust file:// in firefox, why would we trust these? Frankly I think this junk should be ripped from the tor-browser and removed.

comment:2 in reply to:  1 Changed 10 months ago by cypherpunks

Replying to cypherpunks:

I think these protocols would just increase the surface of attack. We can't trust file:// in firefox, why would we trust these?

I think there are some interesting use cases for these things, and it's only for addons anyway. It's completely different from file://

comment:3 Changed 2 months ago by gk

Keywords: tbb-proxy-bypass added

comment:4 Changed 2 months ago by arthuredelstein

Cc: arthuredelstein added

comment:5 Changed 2 months ago by gk

Resolution: worksforme
Status: newclosed

I think we are good right now. There is no TCP/UDP Socket API available for WebExtensions yet (see: https://bugzilla.mozilla.org/show_bug.cgi?id=1247628) so, this risk is ruled out. You can register those protocols with protocol handlers (see: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/protocol_handlers) but that's a web based mechanism, so that should be fine (or it points back to your own extension code but then there is no TCP/UDP Socket API available).

That said: even if extensions which implemented/supported those protocols *would* bypass Tor then I think this would fall under our strong recommendation to not install third-party extensions as they can compromise your privacy/anonymity.

Last edited 2 months ago by gk (previous) (diff)
Note: See TracTickets for help on using tickets.